DETAILED ACTION 

Applicant's election of group I (claims 1-3 and 5-21) in the reply filed on 8/30/2006 
is acknowledged. Because applicant did not distinctly and specifically point out the 
supposed errors in the restriction requirement, the election has been treated as an 
election without traverse (MPEP § 818.03(a)) and the requirement has been made 
FINAL. 

Amended claims 1-3 and 5-21 were fully considered. 

Response to Arguments 

Applicant's arguments were fully considered. With regards to claim objections 
and rejections under 35 USC 112 made in the prior office action, they are withdrawn 
due to applicant's amendments. With regards to 101 rejections made in the prior office 
action, the arguments were fully considered, but were not persuasive. 

In the prior office action, the examiner rejected claims under 35 USC 101 as being not 
statutory due to the claimed invention being directed towards software per se. Applicant 
argues that the 101 rejections made in the prior office action were in error as the legal 
standard for determining whether claims are directed towards statutory subject matter is 
whether the claims can be applied in a practical application to produce a useful, 
concrete, and tangible result. Applicant states that the preamble of independent claim 1 
recites a computer-implemented data security system, thus as part of a computer- 
implemented data security system, claim 1 produces a useful, concrete, and tangible 
result. The examiner respectfully disagrees. 

While it is true that one must determine whether or not a claimed invention has 
practical application which yields a concrete, useful, and tangible result, merely making 
this determination is not a complete analysis of whether an invention is statutory. See 
for example MPEP 2106.01(1), which discusses how computer programs, i.e. software 
per se, are not statutory. Further, that the preamble of claim 1 recites that the system is 
"computer-implemented" is immaterial in determining whether or not the claims are 
statutory because: (a) where the body of the claim does not depend on the preamble for 
completeness but, instead, the process steps or structural limitations are able to stand 
alone (as is the case for claim 1), the preamble is not given patentable weight. See In 
re Hirao, 535 F.2d 67, 190 USPQ 15 (CCPA 1976) and Kropa v. Robie, 187 F.2d 150, 
152, 88 USPQ 478, 481 (CCPA 1951) and (b) the machine/computer implemented test 
is not a proper test to perform in determining whether or not an invention is statutory, 
see for example Grams, 888 F.2d at 841, 12 USPQ2d at 1829 where claim 16 was 
ruled nonstatutory even though it was a "computer implemented" process. 

The rest of applicant's arguments with regards to claims 1-3 and 5-21 were also 
considered, but are moot in view of new rejections presented below. 

Claim Objections 

Claims 5-6 are objected to because of the following informalities: The examiner 
respectfully submits that "the at least one policy" recited in claims 5 and 6 should 
instead be "the at least one of a plurality of policies" to be consistent with what is recited 
in independent claim 1. Appropriate correction is required. 



Claim Rejections - 35 USC § 101 
35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 

Claims 1-3 and 5-20 are rejected under 35 U.S.C. 101 because the claimed 
invention is directed to non-statutory subject matter. 

1. Claim 1 is directed towards a system comprising a data store and a security 
component. Both the data store and the security components are software (see 
specification p6, lines 5-7 and p25, lines 1-11), thus the system of claim 1 is 
directed towards software per se and is not statutory. Applicant must recite a 
hardware component for the system of claim 1 for claim 1 to be statutory. Claims 
2-3 and 5-20 are dependent on claim 1 and either further define the software 
components of the system of claim 1 or further recite other components of the 
system which are also disclosed in the specification as being implemented as 
software. Thus claims 2-3 and 5-20 also are not statutory because they are 
directed towards software per se. 



Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351 (a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

Claims 1-3, 5-12, 15-16, and 18-21 are rejected under 35 U.S.C. 102(e) as being 
anticipated by Krishnapuram et al (US 7,120,698). 
Claim 1: 

Krishnapuram discloses: 

1. A data store that includes at least one hierarchical data structure that comprises 
a plurality of data items (Fig 1, items 110, 120, 130 and col 3, lines 10-14, 28- 
32, and 47-51). 

2. A security component, i.e. access determination engine 140, that automatically 
applies at least one of a plurality of security policies to at least a first subsection 
of the data store based at least in part upon detection of type of the at least one 
hierarchical data structure (col 2, lines 51-54, 60-64 and col 5, lines 31-42). 

Note that the logical tree relationships between each of the elements in the data 
store comprising elements 110, 120, and 130 seen in Figure 1 are used to determine 
the rules or policy for accessing items in the data stores. In determining the logical 
relationships of the elements, the type of the hierarchical data structure, i.e. type of tree, 
contained in the data store is detected. 
Claim 2: 

Krishnapuram further discloses the at least one hierarchical data structure is at 
least one of a tree structure and a containment hierarchy (Fig 2; col 3, lines 28-32; and 
col 4, lines 24-31). 
Claim 3: 
Krishnapuram further discloses the containment hierarchy is modeled as a 
Directed Acyclic Graph (DAG) (col 3, lines 10-14). 
Claim 5: 

Krishnapuram further discloses the at least one of a plurality of policies is 
mapped from within the data store (col 3, line 47-col 4, line 16). 
Claim 6: 

Krishnapuram further discloses the at least one of a plurality of policies is at least 
one of explicitly mapped to an item and inherited by an item (col 5, lines 45-47 and col 
6, lines 1-6). 
Claim 7: 

Krishnapuram further discloses the security component includes an Access 
Control List having one or more Access Control Entries (Fig 5). The examiner submits 
each row of the structure seen in Fig 5 as an Access Control List and each of the items 
in a row as an Access Control Entry. 
Claim 8: 

Krishnapuram further discloses the Access Control List is associated with a 
holding relationship of a containment hierarchy (Fig 5; col 5, lines 31-56; and col 6, lines 
51-65). Using item 530 as an example, the Access Control List represented by item 
530 has entries 1.1.1, 2.1, and 3.1. As seen in Figure 3, entry 1.1.1 is a leaf of actor 
tree 2100, thus is held within/associated with containment hierarchy 2100. Similar 
analyses are applicable to entries 2.1 and 3.1 with regards to trees 2200 and 2300 in 
Fig 3. 
Claim 9: 

Krishnapuram further discloses a plurality of Access Control Lists that describe 
discretionary access rights for an item within the containment hierarchy (Fig 5). Figure 
5 shows a memory structure containing multiple rows, each row being an Access 
Control List which describes the access rights for an actor seen in actor tree 2100 seen 
in Figure 3. 
Claim 10: 

Krishnapuram further discloses the security component specifies a set of 
principals, i.e. actors, that are granted or denied access to perform operations on an 
item, i.e. target (col 6, lines 15-27). 
Claim 11: 

Krishnapuram further discloses the security component includes at least one of 
discretionary access control list, a system access control list, and a security identifier 
(Fig 5). 
Claim 12: 

Krishnapuram further discloses an ordering component that arranges one or 
more Access Control Entries (ACE) in an Access Control List (ACL) to determine a 
security policy that is enforced for an item (col 5, line 63-col 6, line 14). 
Claim 15: 

Krishnapuram further discloses a component, i.e. query-filters, that evaluates 
access rights for a given principal to a given data item (col 5, lines 51-65). 
Claim 16: 
Krishnapuram further discloses an effective access control list that is obtained by 
processing lists inherited by an item and adding inheritable access control entries in an 
explicit access control list (col 6, lines 15-27). 
Claim 18: 

Krishnapuram further discloses a security table for similarly protected security 
regions (Fig 5, item 500). 
Claim 19: 

Krishnapuram further discloses the security table includes at least one of the 
following fields: an Item Identity, an Item OrdPath, an Explicit Item, a Path ACL, and a 
Region ACL (Fig 5). 
Claim 20: 

Krishnapuram further discloses a component that does at least one of create a 
new item in a container, add an explicit ACL to an item, add a holding link to an item, 
delete a holding link from an item, delete an explicit ACL from an item and modify an 
ACL associated with an item (col 3, lines 45-47). Note that in the cited passage a user 
is able to modify the ACL associated with an item so a new type of action may be 
performed on an item. 
Claim 21: 

As per claim 21, note that Krishnapuram's invention is implemented via a 
computer (col 7, lines 19-23), thus it would require a computer readable medium 
having computer readable instructions stored therein for implementing the security 
component of claim 1. 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

Claims 13-14 are rejected under 35 U.S.C. 103(a) as being unpatentable over 

Krishnapuram et al (US 7,120,698) in view of Holdsworth et al (US 2003/0188198). 

Claim 13: 

As per claim 13, Krishnapuram does not explicitly disclose utilization of the 
following ordering algorithm by the security component: 
For inherited ACL's (L) on the data item (I) 
  For items I1, I2 
    For ACE's A1 and A2 in L, 
      I1 is an ancestor of I2 and 
      I2 is an ancestor of I3 and 
      A1 is an ACE inherited from I1 and 
      A2 is an ACE inherited from I2 
    Implies 
      A2 precedes A1 in L, 
Wherein L and I are integers. 

However, use of the ordering algorithm as recited above is disclosed by 
Holdsworth (paragraph 58). At the time applicant's invention was made, it would have 
been obvious to one skilled in the art to modify Krishnapuram's invention such that the 
security component utilized the ordering algorithm as recited above. One skilled would 
have been motivated to do so because use of the ordering algorithm would allow 
conflicts in policies between parent and child nodes to be resolved. Note Krishnapuram 
is interested in having conflicting policies resolved (col 6, lines 7-27). 
Claim 14: 

As per claim 14, Krishnapuram does not explicitly disclose utilization of the 
following ordering algorithm by the security component: 
For inherited ACL's (L) on the data item (I) 
  For items I1, I2 
    For ACE's A1 and A2 in L, 
      I1 is an ancestor of I2 and 
      A1 is an ACCESS_DENIED_ACE inherited from I1 and 
      A2 is an ACCESS_GRANTED_ACE inherited from I1 
    Implies 
      A1 precedes A2 in L 
Wherein L and I are integers. 

However, use of the ordering algorithm as recited above is disclosed by 
Holdsworth (paragraph 60). At the time applicant's invention was made, it would have 
been obvious to one skilled in the art to modify Krishnapuram's invention such that the 
security component utilized the ordering algorithm as recited above. One skilled would 
have been motivated to do so because use of ordering algorithms would allow conflicts 
in policies between parent and child nodes to be resolved. Note Krishnapuram is 
interested in having conflicting policies resolved (col 6, lines 7-27). One skilled would 
also be motivated to utilize the above ordering algorithm because there are times 
intermediate nodes require permission for a principal which differs from one or more 
ancestors (Holdsworth: paragraph 60). Using the ordering algorithm as recited in claim 
14 would allow this. 
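
The two ordering rules recited for claims 13 and 14 can be exercised together in a short sketch. This is an added example, not code from the application or from the cited references; the ACE class, the helper names, the sample principals and the first-match evaluation rule are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class ACE:
    kind: str       # "DENY" / "GRANT", stand-ins for ACCESS_DENIED_ACE / ACCESS_GRANTED_ACE
    principal: str
    right: str
    source: str     # ancestor item this ACE is inherited from

def order_inherited(aces, ancestors_nearest_first):
    """Nearer ancestor first (claim 13 rule); within one ancestor,
    DENY before GRANT (claim 14 rule). sorted() is stable."""
    depth = {item: i for i, item in enumerate(ancestors_nearest_first)}
    return sorted(aces, key=lambda a: (depth[a.source], a.kind != "DENY"))

def check_order(acl, ancestors_nearest_first):
    """True when every pair of ACEs in the list satisfies both rules."""
    depth = {item: i for i, item in enumerate(ancestors_nearest_first)}
    for i, a1 in enumerate(acl):
        for a2 in acl[i + 1:]:
            if depth[a1.source] > depth[a2.source]:
                return False  # farther ancestor listed ahead of a nearer one
            if a1.source == a2.source and (a1.kind, a2.kind) == ("GRANT", "DENY"):
                return False  # grant listed ahead of a deny from the same ancestor
    return True

def access_allowed(acl, principal, right):
    """Assumed evaluation rule: first matching ACE wins, no match means no access."""
    for ace in acl:
        if ace.principal == principal and ace.right == right:
            return ace.kind == "GRANT"
    return False

# Constructed sample: I1 is an ancestor of I2, and I2 is an ancestor of item I3.
ANCESTORS = ["I2", "I1"]  # nearest ancestor of I3 first
UNORDERED = [
    ACE("GRANT", "alice", "read", "I1"),
    ACE("GRANT", "alice", "write", "I1"),
    ACE("DENY", "alice", "write", "I1"),
    ACE("DENY", "alice", "read", "I2"),   # I2 overrides what I1 granted
    ACE("GRANT", "bob", "read", "I1"),
]
ORDERED = order_inherited(UNORDERED, ANCESTORS)

if __name__ == "__main__":
    for ace in ORDERED:
        print(ace)
    print("alice read:", access_allowed(ORDERED, "alice", "read"))
```

With the list left unordered, the grant inherited from I1 is matched first and masks the deny set on the nearer ancestor I2; after ordering, the nearer ancestor's ACE decides the outcome.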



Claim 17 is rejected under 35 U.S.C. 103(a) as being unpatentable over 
Krishnapuram et al (US 7,120,698) in view of Belani et al (US 6,772,350). 
Claim 17: 

Krishnapuram does not disclose the security component comprises an access 
mask specifying at least one object-specific access rights, standard access rights, and 
generic access rights. However, Belani discloses the limitation (col 7, lines 42-48 and 
Fig 4). 

At the time applicant's invention was made, it would have been obvious to one 
skilled in the art to modify Krishnapuram's invention according to the limitations recited 
in claim 17 in light of Belani's teachings. One skilled would have been motivated to do 
so because use of an access mask would allow multiple types of permissions for an 
object to be easily organized in memory. 

Conclusion 

Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 
§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Ponnoreay Pich whose telephone number is 571-272- 
7962. The examiner can normally be reached on 9:00am-4:30pm Mon-Fri. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kim Vu can be reached on 571-272-3859. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 